FinTech and banking applications are accessed every day by millions of consumers around the world, and passwords remain the primary method of authenticating users into the service. Yet, they are inherently vulnerable and create risks for every financial
organisation that exists. So, how do we mitigate that risk without compromising on experience, convenience, or expending a lot of money fixing a problem?
Firstly, we all know that we now live in an increasingly digital age, one that has become more pervasive in our everyday lives – especially since the pandemic. According to a report from Ernst and Young, usage of FinTech applications has increased by 72% across Europe. On top of this, those demographics that had been deemed less digitally savvy and more accustomed to physical visits to a bank now access their financial information through digital channels, presenting financial service providers with new challenges.
In response to the increase in digital uptake, these very providers have increased their investments in expanding their authentication capabilities, taking advantage of biometrics and multi-factor authentication (MFA) to mitigate the rising risk of fraud
and account takeover (ATO). But, this still isn’t enough.
Phishing is the problem
Through phishing, password spraying, and brute-force attacks, threat actors are accessing vast networks of information, often by compromising a single account or set of credentials. Unauthorised access has been the leading cause of breaches over the past five years, according to ForgeRock’s Identity Breach Report. Beyond this, the World Economic Forum reports that nearly 80% of cybercrimes can be traced back to breached passwords.
And cybercriminals are spoilt for choice. Last year alone, more than 2 billion usernames and passwords were breached, increasing by 35% year-on-year. It is clear that login credentials are the soft underbelly for consumers and the financial organisations
they register with.
More broadly, password-based administration and support can also have a direct negative impact on a company’s bottom line. Research by Mastercard showed that the friction introduced by passwords can lead to lost revenue as a third of users forced to recover
their password will abandon the login process altogether.
Weaning ourselves off the traditional, and accelerating to the future
Quite clearly, passwords won’t disappear overnight; they have become such a core part of our lives that we simply treat them as the norm. But every financial organisation would be making a mistake if it didn’t investigate how to move towards a passwordless future, because issues like fraud and ATO attacks are greatly reduced when a password isn’t required. For example, how can hackers gain access to the personal information of a customer or an employee if there are no login credentials to steal? If no passwords exist, phishing attacks through this medium are taken off the table, because hackers can’t use brute force to try to guess a password, nor can they socially engineer one: they simply have to find another way to gain access.
For financial organisations looking to make the shift to passwordless, it is important in the interim to ensure customer experience isn’t hindered. Positive friction is the term I would use instead: security is retained without compromising on experience.
We all know that in recent years challenger banks brought in a new standard of digital experience that consumers flocked to, and traditional banks have invested heavily in innovation to catch up.
Now, that investment is something that shouldn’t be squandered, so a way to bridge the gap between the passwordless future and the present day is single sign-on. This can help supplement the security of a password-based authentication system. Advancements in artificial intelligence (AI) have enabled contextual signals to be used to build a risk score for a customer attempting to log in, and if the authentication attempt is deemed risky it could prompt a second authentication factor or even block the attempt altogether. Fraud costs financial organisations more than £1 billion a year on average, so preventing it has to become a key priority and the route forward is clear: authenticate your customers using a passwordless method to take a risk vector off